
Deloder worm threatens DDoS attack

One of the guys on IRC informed us about this article at ZDNet, which tells us about a new worm which can allow hackers to remotely control infected machines.

The worm leaves behind two Trojan horse programs and may be paving the way for a crippling distributed denial of service (DDoS) attack. Although the experts are not yet rating the Deloder worm as a high risk to users, the technical make-up of the Trojans it leaves behind is of concern.

This worm, unlike others such as Klez, requires no user interaction to spread--it exploits common passwords, such as "password" and "computer", in share directories in Windows NT/2000/XP machines and hence spreads automatically.

Comment

questionlp
the Cowardly Tech

Posts: 323
Joined: 2002-02-14

#21971 Posted on: 03/11/2003 03:04 AM

Originally posted by davidg: looks like if u update your antivirus and don't have remote desktop on then u have nothing to worry about. It was only a matter of time before someone had a password based hack for remote desktop.

Nitpicking: I'm not sure if this worm will snipe Windows XP's Remote Desktop or Terminal Services or not since they aren't the same as VNC.

Comment

#21972 Posted on: 03/11/2003 03:41 AM
netstat and look for the IRC port will help find it too

Comment
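The netstat check suggested above, written out as an added example that is not part of the original thread. The function names are hypothetical, and ports 6667 (IRC), 139 (NetBIOS session service) and 5900 (VNC) are assumed common defaults; only 445 is named on this page.

```python
# Added example: triage Windows `netstat -an` output for the signs discussed here.
# Port numbers other than 445 are assumed defaults, not values from the page.
IRC_PORTS = {6667}         # assumption: default IRC port
SHARE_PORTS = {139, 445}   # NetBIOS session service / SMB over TCP
VNC_PORTS = {5900}         # assumption: default VNC port (display :0)

def split_endpoint(endpoint):
    """Split 'addr:port' (also '[::]:445') into (addr, port or None)."""
    addr, _, port = endpoint.rpartition(":")
    return addr, int(port) if port.isdigit() else None

def triage(netstat_text):
    """Return (reason, local, remote) tuples for TCP rows worth a closer look."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Windows TCP rows: Proto, Local Address, Foreign Address, State
        if len(fields) < 4 or fields[0].upper() != "TCP":
            continue
        local, remote, state = fields[1], fields[2], fields[3].upper()
        _, lport = split_endpoint(local)
        _, rport = split_endpoint(remote)
        if state == "ESTABLISHED" and rport in IRC_PORTS:
            findings.append(("outbound IRC session", local, remote))
        elif state == "LISTENING" and lport in SHARE_PORTS:
            findings.append(("file sharing exposed", local, remote))
        elif state == "LISTENING" and lport in VNC_PORTS:
            findings.append(("VNC server listening", local, remote))
    return findings

# Constructed sample output (addresses are documentation ranges, not real hosts).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5900           0.0.0.0:0              LISTENING
  TCP    192.0.2.10:1045        198.51.100.7:6667      ESTABLISHED
  TCP    192.0.2.10:1046        198.51.100.9:80        ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

if __name__ == "__main__":
    for reason, local, remote in triage(SAMPLE):
        print(f"{reason:22} {local:22} {remote}")
```

A listener on 445 is normal on a Windows machine with file sharing enabled, so that finding is a prompt to check firewall rules and account passwords rather than a sign of infection by itself.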

ciscokid454
2[H]4u

Posts: 1221
Joined: 2001-04-29

#21973 Posted on: 03/11/2003 11:02 AM

Originally posted by questionlp: Nitpicking: I'm not sure if this worm will snipe Windows XP's Remote Desktop or Terminal Services or not since they aren't the same as VNC.

Still, nasty worm, and any company that doesn't block NetBIOS over TCP or SMB ports at a firewall, mostly to critical systems, needs to be hit with a clue-by-four. Of course, having remote users that aren't as protected doesn't help either.

The worm does NOT affect RDP/TS, but rather VNC which is NOT the same as RDP/TS and does not connect via port 445. There are other known issues with Terminal Services/Remote Desktop and there are patches available for those, but this worm does not exploit that.